If friends and family are bugging you for an explanation of Heartbleed and OpenSSL, refer them to this video

InfoWorld|Apr 11, 2014

Heartbleed, which has been at the center of some serious security hysteria this week, is actually a simple twist on the classic buffer overflow exploit. What's a buffer overflow and how did Heartbleed tweak it, you ask -- or, perhaps more accurately, your nontechie friends and family members ask? The video below offers a basic explanation.

Heartbleed's attack targets OpenSSL; this is a big deal because OpenSSL handles a very large share (half to two-thirds, according to the video) of the world's secure Web traffic, including email and traffic to and from online banks. By turning the concept of the buffer overflow on its head and, in fact, using buffer underflow, Heartbleed has been able to trick these nominally secure servers into coughing up all kinds of info -- exactly the goods you wouldn't want your bank or your email app to give up. Hence the hysteria.